ContextForge is local-first and should not send repository contents, session logs, secrets, or reports over the network unless a user explicitly asks for a networked workflow.

Please open a private security advisory on GitHub or contact the maintainer.

ContextForge must never include API keys, .env files, private keys, tokens, or credentials in generated context packs or reports.